Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tuoz/laravel-signature
Signature helper for Laravel
https://github.com/tuoz/laravel-signature
api laravel5 laravel6 php signature
Last synced: 3 months ago
JSON representation
Signature helper for Laravel
- Host: GitHub
- URL: https://github.com/tuoz/laravel-signature
- Owner: tuoz
- License: apache-2.0
- Created: 2019-11-06T16:06:25.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2020-08-17T14:17:59.000Z (over 4 years ago)
- Last Synced: 2024-09-28T19:01:40.107Z (3 months ago)
- Topics: api, laravel5, laravel6, php, signature
- Language: PHP
- Homepage:
- Size: 106 KB
- Stars: 3
- Watchers: 1
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# laravel-signature
Signature helper for Laravel
[三方接入文档](./INTERGRATION.md)
#### 特性
* 对请求参数进行签名验证, 以保证数据的完整性
* 每次签名只能使用一次
* 支持 Laravel 5.x 和 Laravel 6.x
#### 安装
```bash
composer require hypocenter/laravel-signature
```
#### 配置
```
php artisan vendor:publish --provider="Hypocenter\LaravelSignature\SignatureServiceProvider"
```
执行命令后会生成配置文件 app/config/signature.php
```php
'default',
// 支持多个签名器配置
'signatures' => [
'default' => [
'resolver' => 'header',
'repository' => 'array',
'nonce_length' => 16,
'cache_driver' => 'file',
'cache_name' => 'laravel-signature',
'time_tolerance' => 5* 60,
'default_app_id' => 'tFVzAUy07VIj2p8v',
]
],
// 数据获取器定义,支持从不同来源获取
'resolvers' => [
'header' => [
'class' => Hypocenter\LaravelSignature\Payload\Resolvers\HeaderResolver::class,
'key_app_id' => 'X-SIGN-APP-ID',
'key_sign' => 'X-SIGN',
'key_timestamp' => 'X-SIGN-TIME',
'key_nonce' => 'X-SIGN-NONCE',
],
'query' => [
'class' => Hypocenter\LaravelSignature\Payload\Resolvers\QueryResolver::class,
'key_app_id' => '_appid',
'key_sign' => '_sign',
'key_timestamp' => '_time',
'key_nonce' => '_nonce',
]
],
// App 定义数据仓库,支持从不同来源获取
'repositories' => [
// 从数据库中读取
'model' => [
'class' => Hypocenter\LaravelSignature\Define\Repositories\ModelRepository::class,
'model' => Hypocenter\LaravelSignature\Define\Models\AppDefine::class,
],
// 从配置文件中读取
'array' => [
'class' => Hypocenter\LaravelSignature\Define\Repositories\ArrayRepository::class,
'defines' => [
// Add more defines here.
[
'id' => 'tFVzAUy07VIj2p8v',
'name' => 'RPC',
'secret' => 'u4JsCDCwCUakBCVn',
'config' => null
],
],
],
],
];
```
#### 驱动
可以配置多个驱动以应对不同场景的应用配置
驱动需要使用下面配置的`Repository`和`Resolver`
#### Repository
定义如何获取应用配置
* ArrayRepository: 应用AppID和Secret配置在PHP数组中, 适合简单固定的使用场景
* ModelRepository: 应用AppID和Secret配置在数据库中,适合App较多的使用场景, 默认提供`Partner`模型来处理数据库操作. 可继承 Partner 类, 自定义模型
#### Resolver
定义如何从请求中获取相关校验参数
* HeaderResolver: 从 HTTP Header 中获取
* QueryResolver: 从 GET 参数中获取
#### 签名
如果作为客户端,单独使用签名可无需 `Resolver`, 但 `Repositroy` 必须配置
```php
$client = new \GuzzleHttp\Client(['base_uri' => env('RPC_SERVER')]);
$payload = new Payload::forSign()
->setAppId('your app ID') // 如果设置了 default_app_id 可省略
->setMethod('GET')
->setPath('api/users')
->setData(['page' => 1, 'page_size' => 20])
->build();
$driver = app('signature')->get();
$driver->sign($payload);
$res = $client->request($payload->getMethod(), $payload->getPath() . '?'. http_build_query($payload->getData()), [
'headers' => [
'Accept' => "application/json",
'X-SIGN-APP-ID' => $payload->getAppId(),
'X-SIGN' => $payload->getSign(),
'X-SIGN-TIME' => $payload->getTimestamp(),
'X-SIGN-NONCE' => $payload->getNonce()
]
]);
```
#### 中间件
配置
```php
class Kernel extends HttpKernel {
protected $routeMiddleware = [
// ...
'signature' => \Hypocenter\LaravelSignature\Middleware\SignatureMiddleware::class
];
}
```
使用
```php
Route::get('test-sign', 'SignController')->middleware('signature'); // 使用默认渠道
Route::get('test-sign', 'SignController')->middleware('signature:custom'); // 使用其他驱动
```